Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to map/configure 2 mail servers  behind a firewall on the same lan/subnet

Posted on 2006-06-17
6
Medium Priority
?
243 Views
Last Modified: 2013-11-16
I have a firewall which has 2 mail server's public smtp and pop ips mapped to internal ips  via NAT one-to-one translation on ports 25 and port 110.
Example :
               Mail Server 1
               smtp.abc.com ( 66.92.81.1) map on (port 25) to 192.168.100.5                          
               pop.abc.com ( 66.92.81.2) map on  (port 110) to 192.168.100.6

               Mail Server 2
               smtp.xyz.com  ( 66.92.81.3) map on (port 25) to 192.168.100.10
               pop.xyz.com  ( 66.92.81.4) map on (port 110) to 192.168.100.11

The problem is if I turn both smtp servers on , 1 or the other emails does not work

How how should I map/configure the 2 mail servers or similar ports behind a firewall on the same lan/subnet ?
Whats the right way to do this?
0
Comment
Question by:texter777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16927035
They should work fine just as they are.
What kind of firewall do you have? Perhaps there is something not configured correctly in it?
0
 

Author Comment

by:texter777
ID: 16927388
sonicwall pro 2040.

Mapping one-to-one nat translation.

Rules
---------------
a) Allow  *   192.168.100.5 (LAN) Retrieve E-Mail (POP3)   [exchange server]
b) Allow  * 192.168.100.6 (LAN) Send E-Mail (SMTP)   [gfi mail essentials relay]

c)  Allow  *  192.168.100.10 (LAN) Retrieve E-Mail (POP3)  [mailserver2]
d)  Allow  *  192.168.100.10 (LAN) Send E-Mail (SMTP)  [mailserver2]

e) Allow  *  192.168.100.5 (LAN) Web (HTTP) Allow  [mailserver1]
++For webmail access
f)  Allow  *  192.168.100.10 (LAN) Web (HTTP) Allow  [mailserver2]
++for webmail access
0
 
LVL 1

Expert Comment

by:dlmario
ID: 16927530
Hi texter777,

there schould no problem using multiple SMTP, POP or IMAP servers in the same subnet. Are you sure you are using 4 IP addresse where you are doing NAT from? Why do you NAT your Network, when you have four external addresses?

For me it seems like you are using one external IP (a DSL for example) and doing NAT from this IP to your private subnet, isn´t it?

If not, it should be a setting on your router. Is it possible to do a tcpdump on the mailservers? Are you using linux machines?

However, theoretical there can not be a problem using more than one mailserver in a network segment - providers are doing the same ;-)

/Mario
0
 

Author Comment

by:texter777
ID: 16927549
Guys,
Thanks for your input.
Mario ,
Avoiding external addresess (dual nics) or DMZ , by using one-to-one NAT.
This method has its con side too, but since we have a kickass hardware firewall ,
have chosen to go with one-to-one NAT mapping.

I think Ive found the problem.
Interesting indeed....
The 2 nd mail server SMTP was bound ONLY ON the LAN IP address 192.168.100.10
and not on "All Addresses" .

This excluded the local loop (127.0.0.1),which made it unable for the SMTP to natively transfer the email to the POP3 mailboxes/service.

Hence I wasnt seeing the mail in my pop3 box.

Peace.
Texter

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 17934535
PAQed with points refunded (100)

Computer101
EE Admin
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question